CVE-2024-24213

Name of the Vulnerable Software and Affected Versions Supabase PostgreSQL version 15.1

Description A SQL injection issue was discovered via the component /pg meta/default/query. However, the vendor's position is that this is an intended feature, existing in the Supabase dashboard product for authorized users to enter SQL queries in a designated UI, with no injection occurring.

Recommendations For Supabase PostgreSQL version 15.1, consider restricting access to the /pg meta/default/query component to authorized users only, as it is intended for use within a specific UI. Additionally, ensure that all SQL queries entered through this component are thoroughly validated and sanitized to prevent any potential issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.